Adding create:user_tickets scope for React app

msing · August 8, 2023, 1:08pm

I am trying to create a password change ticket using the Auth0 Management API from a React application. I tried to set the “create:user_tickets” scope but when I receive my token back that scope is missing. All other scopes I have set work (openid email profile read:current_user update:current_user_metadata) and my other calls to management API for user profile information work as well. I have the audience set to the management API in the Authorization params in Auth0 Provider.

Is this a limitation with a single page application?
Using the @auth0/auth0-react package.

dan.woda · August 14, 2023, 1:28pm

Hi @msing,

Welcome to the Auth0 Community!

Yes, there is a limitation for public clients when requesting tokens for the Management API. This includes create:user_tickets scopes. For example, if a user was to inspect the React app and grab the token with this scope, they could change any user’s password.

This type of request should be made from a secure backend or API.

system · August 29, 2023, 1:05pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I can't update user email or any other information Help jwt , auth0 , api , management-api	2	3353	October 19, 2021
Missing create:user_tickets scope when using the Auth0 .NET SDK Help .net , csharp , management-api	4	2978	April 22, 2022
Need help accessing Management API using react-auth0-spa-js Help spa , react	4	5788	February 12, 2020
Error: Insufficient scope, create:user_tickets Help management-api , scopes , error	3	8835	March 2, 2018
Auth0 Lock React - Insufficient Scope Help auth0-lock , react , scope	2	5123	March 2, 2018

Adding create:user_tickets scope for React app

Related Topics